pursuant to Article 13 of Regulation EU 679/2016 (“GDPR”)
Dear Sir or Madam,
With reference to the personal data that LHS Foundation processes during the LiHS training course, pursuant to Art. 13 of the GDPR, we provide you with the following information.
- The Controller is: FONDAZIONE LHS, via Martiri di Cefalonia nr. 67, 20097 San Donato Milanese (MI), tel 0244254850, email email@example.com – www.fondlhs.org. (“Foundation”)
PURPOSE, LEGAL BASIS OF PROCESSING AND PERSONAL DATA RETENTION PERIOD
- The personal data provided by you will be processed for the following purposes:
- enrolling and delivering the training course, including final assessment. The legal basis is the performance of a contract that you are a party to. The data will be kept for the entire duration of the contract and, after termination, for the period of 10 years.
- fulfilling obligations or exercising rights under national or European Union law, as well as fulfilling a request from an Authority, as well as asserting or defending a right before the courts. The legal basis that legitimises the processing is the need to fulfil legal obligations to which the controller is subject. The Foundation will keep your data until the conclusion of the contract and subsequently for the period of 10 years.
Once the storage deadlines indicated above have passed, the data will be destroyed or made anonymous, in line with the technical procedures for deletion and backup.
OBLIGATORY PROVISION OF DATA
- The provision of data is necessary for the provision of the training course. Any refusal to provide such data will therefore prevent the provision of the service.
METHODS OF PROCESSING
- The processing of data is based on the principles of fairness, lawfulness and transparency and data minimisation; it may be carried out both manually and through automated methods designed to store, process and transmit them and will take place through appropriate technical and organisational measures, as far as is justified and according to the state of the art, to ensure, among other things, the security, confidentiality, integrity, availability and resilience of systems and services, avoiding the risk of loss, destruction, unauthorised access or disclosure or, in any case, unlawful use, as well as through reasonable measures to promptly erase or rectify inaccurate data with respect to the purposes for which they are processed.
RECIPIENTS OF DATA
- Your data may be communicated to subjects acting as independent controllers (such as, for example, supervisory and control authorities and any public entity entitled to request the data) or processed, on behalf of the Foundation, by subjects designated as Data Processors, to whom appropriate operating instructions are given. These subjects essentially fall within the following categories:
- Saipem Group companies, even if not located in the EU (based on the adequacy decisions by the European Commission or on the basis of standard model clauses), in order to carry out contract management and personnel management activities;
- third parties (for example companies providing IT services, etc.) even if not located in the EU (based on the adequacy decisions by the European Commission or on the basis of standard model clauses), who carry out outsourcing activities on behalf of the Data Controller in their capacity as Data Processors.
SUBJECTS AUTHORISED TO PROCESS DATA
- The data may only be processed by the employees of the Controller or Data Processors responsible for pursuing the purposes indicated above, who have been expressly authorised for processing and who have received appropriate operating instructions.
RIGHTS OF DATA SUBJECTS
- The interested party has the right to ask the Data Controller for access to his/her personal data, their correction, deletion, portability, opposition to their processing as well as the integration of incomplete personal data and the limitation of the processing in cases provided by art. 18 GDPR. Furthermore, where applicable, you can revoke consent at any time.
These rights may be exercised with the Data Controller at any time by sending a specific request in writing to the following e-mail address firstname.lastname@example.org
Furthermore, you have the right to lodge a complaint with the Personal Data Protection Authority and to resort to other means of protection provided for by applicable legislation.